samba server message block file & print server. service profile type: system-v managed service...
TRANSCRIPT
![Page 1: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/1.jpg)
SAMBA
Server Message Block File & Print Server
![Page 2: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/2.jpg)
Service Profile
Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd Script: smb Ports: 137/udp, 138/udp 139/tcp Configuration: /etc/samba/smb.conf
![Page 3: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/3.jpg)
SaMBa
Client & Server for the Common Internet File System (CIFS) Microsoft's name for its SMB protocol
implementation Contains components of the LanManager
and NetBIOS protocols Samba may provide performance
improvements over ‘native’ CIFS Hhtp://www.samba.org
![Page 4: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/4.jpg)
The goal of SAMBA
A single integrated work-group spanning Windows and Linux machines
![Page 5: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/5.jpg)
The view from Windows
Linux based resources look identical to Windows based resources.
Using Universal Naming conventions (UNC): \\toltec\spirit
![Page 6: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/6.jpg)
The view from Linux
# smbstatusProcessing section "[homes]“Processing section "[printers]“Processing section "[spirit]“
Samba version 2.2.6Service uid gid pid machine spirit jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:17 2005spirit jay jay 7779 aztec (172.16.1.2) Sun Aug 12 12:49 2005jay jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:56 2005
![Page 7: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/7.jpg)
The view from LinuxLocked files:Pid DenyMode R/W Oplock Name-----------------------------------------------------------------------------------------------------7735 DENY_WRITE RDONLY NONE /u/RegClean.exe Sun Aug 12
13:01:22 2005
Share mode memory usage (bytes): 1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total
![Page 8: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/8.jpg)
Samba Services
Authentication & Authorization of users File & Printer Sharing Name Resolution
Provides some capabilities of a WINS serverMaps between NetBIOS names to IP addresses
Note that WINS is independent and unrelated to DNS
Browsing (service announcements)
![Page 9: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/9.jpg)
NetBIOS Names
16 Bytes in length 15 bytes for the selected name
All standard characters a-z, A-Z, 0-9 and ! @ # $ % ^ & ( ) - ' { } . ~ are allowed.
It is normal practise to use the same machine name for the DNS record and the NetBIOS record.
The 16th byte indicates the unique service provided by the machine
![Page 10: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/10.jpg)
Examples of NetBIOS resource types
Named resource Hexadecimal byte valueStandard Workstation Service 00Messenger Service 03RAS Server Service 06Domain Master Browser Service 1B(associated with primary domain controller)Master Browser name 1DNetDDE Service 1FFileserver (including printer server) 20RAS Client Service 21Network Monitor Agent BENetwork Monitor Utility BF
![Page 11: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/11.jpg)
Querying NetBIOS names
C:\>nbtstat -a toltec
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
TOLTEC <00> UNIQUE Registered
TOLTEC <03> UNIQUE Registered
TOLTEC <20> UNIQUE Registered
...
![Page 12: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/12.jpg)
Workgroups
SMB groups are the same as Windows Workgroups. There are predefined group resource types.
Nbtstat output:NetBIOS Remote Machine Name Table Name Type Status ---------------------------------------------------------------- METRAN <00> GROUP Registered METRAN <1E> GROUP Registered ..__MSBROWSE__.<01> GROUP Registered
![Page 13: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/13.jpg)
Smb.conf sections
Similar layout to the windows.ini file split into different [ … ] sections
[global]: generic server or global settings which apply to each share
[homes]: used to grant some or all users access to their home directories
[printers]: defines printer resources and services
![Page 14: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/14.jpg)
Sample global section
# Simple global section
[global]
Log file = /var/log/samba/samba.log
Load printers=yes
Max log size=50
Netbios name=RHL
Server string=Samba Server
Workgroup=Tardis
![Page 15: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/15.jpg)
Configuring File and Directory Sharing
Shares should have their own [ … ] section Options include
Public- can be accessed by guest account Browseable – share is visible in browse lists Writeable – resource is read and write enabled Printable – resource is a printer, not a disk Group: all connections to the share use the
specified group as their primary group
![Page 16: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/16.jpg)
Example
# share Ronan’s Home Dir[ronan-home]
Comment= Ronan’s Home DirectoryPath = /home/rbradleyBrowseable=yesWriteable=yesPublic = yescreateMode=0664DirectoryMode=0775maxConnections=1Printable = no
![Page 17: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/17.jpg)
Printing
Printers defined in /etc/cups/printers.conf
Global options as follows: [printers]
path = /var/spool/samba browsable = yes public = yes guest ok = yes writeable = no printable = yes
![Page 18: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/18.jpg)
Printing
[LibertyLane] Comment = Staff Printer LaserJet 5 printer = prll valid users = rbradley smcneally path = /var/spool/prll public = no writeable = no printable = yes
By default, samba assumes printing is via cups, this can be overridden with the printing= parameter in the [global] section
![Page 19: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/19.jpg)
Other examples
[lp] print command = lpr -s -P %p %s; rm %s printable = yes browseable = no
[nec-raw] comment = Main PostScript printer driver for Windows
clients printer driver = NEC SilentWriter 95 printable = yes browseable = yes
![Page 20: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/20.jpg)
Supporting WINS
Turn WINS support on add in [global]: wins support = yes The SaMBa server will maintain a database of
NetBIOS to IP mapping and acts as a name server for these mappings
Specify the name resolution order name resolve order = wins lmhosts bcast
Note that this example shows the the default order and is therefore unnecessary
![Page 21: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/21.jpg)
Name resolution options host means use the system resolver library to
determine the IP address of a name lmhosts means to read name-IP mappings from
the NetBIOS lmhosts file /etc/samba/lmhosts If this doesn’t exist, lmhosts lookup will be skipped
wins tells the server to maintain a WINS database Names will be added and updated as clients connect
bcast uses the NetBIOS broadcast mechanism to find the addresses of all hosts Broadcast storms
![Page 22: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/22.jpg)
Authentication
There are a number of mechanisms for implementing Authentication in Samba
By setting the security= setting this can be controlled by administrators User: Validation is done on a per-user basis, requiring a local
smbpasswd file and also smbusers file Server: Validation done by another server share: Validation on a per-share basis. Will block all public
access domain: a workgroup with a collection of authentication data is
usedworkgroup = NAME
![Page 23: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/23.jpg)
Local file based Authentication
To create the local password file use cat /etc/passwd ¦ mksmbpasswd.sh >
/etc/samba/smbpasswd
Specify that passwords should be stored encrypted encrypted passwords = yes
Specify the servers to be contacted for authentication information (used when security option is not user). password server = host1 host2 host3
![Page 24: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/24.jpg)
Adding users and setting passwords
To add a user smbadduser ronan.bradley:rbradley UNIX Username: Windows Username, need not match
Encrypted (by default) passwords stored in /etc/samba/smbpasswd
Users added with smbadduser and smbpasswd Users defined in /etc/samba/passwd must exist
in /etc/passwd
![Page 25: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/25.jpg)
Passwords
Encrypted passwords stored in /etc/samba/smbpasswd
Users added with smbadduser and smbpasswd Users defined in /etc/samba/passwd must exist
in /etc/passwd To add a user
smbadduser rbradley:rbradley UNIX Username: Windows Username, need not match
![Page 26: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/26.jpg)
Passwords
Use smbpasswd for subsequent password changes for all users
Can also specify valid users in /etc/samba/passwd, but specify that a Primary Domain Controller will manage the passwords
![Page 27: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/27.jpg)
Winbind
winbind maps between windows user and group IDs and unix user and group IDs
COMP+rbradley or STUDENT\srooney6 or COMP\STAFF or STUDENT:FT211-4
![Page 28: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/28.jpg)
Linux Client access with Samba
Smbclient is the standard client utility, useful for testing and for scripts
Smbfs is an optional kernel component which allows Linux to mount an SMB share directly, in similar fashion to mounting an NFS share Not available on UML
![Page 29: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/29.jpg)
Smbclient syntax
If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set)
If you use the –U option smbclient –U rbradley%letmein Not a great idea, as the command issued is visible in the
history and in the ps information
Smbclient includes an ftp-like shell
![Page 30: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/30.jpg)
Sample smbclient –L output smbclient -L toltecadded interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0Password:Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment --------- ------ --------------test Disk For testing only, please IPC$ IPC IPC Service (Samba 2.2.5) HP Printer HP 932C on Maya ADMIN$ Disk IPC Service (Samba 2.2.5)
Server Comment --------- ------- MAYA Windows 98 MIXTEC Samba 2.2.5 TOLTEC Samba 2.2.5 ZAPOTEC Workgroup Master ---------------- -------METRAN TOLTEC
![Page 31: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/31.jpg)
Samba Daemons
Nmbd: NetBIOS name server Supports resource browsing (i.e. identification of
available shares and printers) Provides the WINS server (i.e. maintains the
database of available NetBIOS name to IP mappings)
Smbd: SMB/CIFS server Authentication and authorization File and Printer Sharing
![Page 32: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/32.jpg)
Samba Daemon
When an SMB client starts, it needs to know the IP address being used by a particular host
Client broadcasts this request on the network and receives a response from nmbd containing the NetBIOS information
![Page 33: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/33.jpg)
Configuration Testing
testparm is used to test the correct configuration of your samba settings
To check what access will be granted to a given host, you can also supply the IP address of a given host testparm 147.252.224.78 Will return which resources are accessible to that host
![Page 34: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/34.jpg)
Samba Client
smbclient can be used as a command-line file retrieval/transfer tool smbclient //machine/resource
cd directory get file
Also allows simple view of shared resources smbclient –L hostname
user%password may be specified with the –U option or by setting and exporting USER and PASSWORD environment variables
![Page 35: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/35.jpg)
Samba Client
If you do not specify username%password, smbclient will use the upper case version of USER or LOGNAME variable and the PASSWORD variable (if set)
If you use the –U option smbclient –U rbradley%letmein Not a great idea, as the command issued is visible in the
history and in the ps information
Smbclient includes an ftp-like shell
![Page 36: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/36.jpg)
Sample smbclient –L output smbclient -L toltecadded interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0Password:Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] Sharename Type Comment --------- ------ --------------test Disk For testing only, please IPC$ IPC IPC Service (Samba 2.2.5) HP Printer HP 932C on Maya ADMIN$ Disk IPC Service (Samba 2.2.5)
Server Comment --------- ------- MAYA Windows 98 MIXTEC Samba 2.2.5 TOLTEC Samba 2.2.5 ZAPOTEC Workgroup Master ---------------- -------METRAN TOLTEC
![Page 37: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/37.jpg)
nmblookup
Can be used to query a WINS server To list a specific machine
nmblookup –U server –R ‘name’
Or to list all machines nmblookup \*
Queries a WINS server in the same way nslookup (or dig) queries a DNS server
Will return hostname and IP
![Page 38: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/38.jpg)
smbmount
SMB file system can be supported by the LINUX kernel Not available in UML
Can use smbmount to mount a SMB-shared resource smbmount service mountpoint –o options
smbmount //server/resource /mnt/smb –o username=smbuser
Must set CONFIG_SMB-FS set on for smbmount to work
![Page 39: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/39.jpg)
Samba mounts in /etc/fstab
Samba mounts can be performed automatically upon system boot by editing /etc/fstab
Specify the UNC path the local mount point smbfs as the file system and a username
//server1/resource /mnt/smb smbfs deaults,username=nobody 0 0
![Page 40: SAMBA Server Message Block File & Print Server. Service Profile Type: System-V managed service Packages: samba-common, samba-client Daemons: nmbd, smbd](https://reader036.vdocuments.us/reader036/viewer/2022062422/56649f265503460f94c3dd54/html5/thumbnails/40.jpg)
Samba Resources
http://info.ccone.at/INFO/Samba/introduction.html